Debian alert DLA-4330-1 (ghostscript)
| From: | Abhijith PA <abhijith@debian.org> |
| To: | debian-lts-announce@lists.debian.org |
| Subject: | [SECURITY] [DLA 4330-1] ghostscript security update |
| Date: | Tue, 14 Oct 2025 13:02:54 +0530 |
| Message-ID: | <aO38pteaWQdS9Dzm@debian.org> |
-------------------------------------------------------------------------
Debian LTS Advisory DLA-4330-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Abhijith PA
October 14, 2025                              https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : ghostscript
Version        : 9.53.3~dfsg-7+deb11u11
CVE ID         : CVE-2025-7462 CVE-2025-59798 CVE-2025-59799

Multiple vulnerabilities were discovered in ghostscript, an interpreter
for the PostScript language and PDF.

CVE-2025-7462

    A null pointer dereference in the function pdf_ferror in
    devices/vector/gdevpdf.c (component: New Output File Open Error
    Handler). It is possible to initiate the attack remotely.

CVE-2025-59798

    A stack-based buffer overflow in pdf_write_cmap in
    devices/vector/gdevpdtw.c.

CVE-2025-59799

    A stack-based buffer overflow in pdfmark_coerce_dest in
    devices/vector/gdevpdfm.c via a large size value.

For Debian 11 bullseye, these problems have been fixed in version
9.53.3~dfsg-7+deb11u11.

We recommend that you upgrade your ghostscript packages.

For the detailed security status of ghostscript please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ghostscript

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
